From ee3fc54fcc217fec4ff608b865fd3bd65051f901 Mon Sep 17 00:00:00 2001
From: Christian Reitter
Date: Thu, 27 Nov 2025 23:03:09 +0100
Subject: [PATCH] Integrate fuzz harnesses into main workspace
---
 src/Cargo.lock | 57 ++++++++++++++++++++++++++++++++++
 src/Cargo.toml | 25 +++++++++++++--
 src/qos_crypto/fuzz/Cargo.toml | 11 +------
 src/qos_nsm/fuzz/Cargo.toml | 10 ------
 src/qos_p256/fuzz/Cargo.toml | 9 ------
 5 files changed, 80 insertions(+), 32 deletions(-)
diff --git a/src/Cargo.lock b/src/Cargo.lock
index 012b9c40..1c2c8f96 100644
--- a/src/Cargo.lock
+++ b/src/Cargo.lock
@@ -94,6 +94,15 @@ dependencies = [ "libc", ] +[[package]] +name = "arbitrary" +version = "1.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c3d036a3c4ab069c7b410a2ce876bd74808d2d0888a82667669f8e783a898bf1" +dependencies = [ + "derive_arbitrary", +] + [[package]] name = "async-trait" version = "0.1.81"
@@ -578,6 +587,17 @@ dependencies = [ "serde", ] +[[package]] +name = "derive_arbitrary" +version = "1.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1e567bd82dcff979e4b03460c307b3cdc9e96fde3d73bed1496d2bc75d9dd62a" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + [[package]] name = "des" version = "0.8.1"
@@ -1411,6 +1431,16 @@ version = "0.2.172" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d750af042f7ef4f724306de029d18836c26c1765a54a6a3f094cbd23a7267ffa" +[[package]] +name = "libfuzzer-sys" +version = "0.4.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5037190e1f70cbeef565bd267599242926f724d3b8a9f510fd7e0b540cfa4404" +dependencies = [ + "arbitrary", + "cc", +] + [[package]] name = "libloading" version = "0.8.5"
@@ -2019,6 +2049,15 @@ dependencies = [ "vsss-rs", ] +[[package]] +name = "qos_crypto_fuzz" +version = "0.0.0" +dependencies = [ + "arbitrary", + "libfuzzer-sys", + "qos_crypto", +] + [[package]] name = "qos_hex" version = "0.1.0"
@@ -2075,6 +2114,15 @@ dependencies = [ "x509-cert", ] +[[package]] +name = "qos_nsm_fuzz" +version = "0.0.0" +dependencies = [ + "libfuzzer-sys", + "qos_hex", + "qos_nsm", +] + [[package]] name = "qos_p256" version = "0.1.0"
@@ -2090,6 +2138,15 @@ dependencies = [ "zeroize", ] +[[package]] +name = "qos_p256_fuzz" +version = "0.0.0" +dependencies = [ + "arbitrary", + "libfuzzer-sys", + "qos_p256", +] + [[package]] name = "qos_test_primitives" version = "0.1.0"
diff --git a/src/Cargo.toml b/src/Cargo.toml
index 526d8cb5..2712225f 100644
--- a/src/Cargo.toml
+++ b/src/Cargo.toml
@@ -10,15 +10,29 @@ members = [
 "qos_test_primitives",
 "qos_p256",
 "qos_nsm",
+ # special members that are not default-members
+ "qos_p256/fuzz",
+ "qos_crypto/fuzz",
+ "qos_nsm/fuzz",
 ]
+default-members = [
+ "integration",
+ "qos_client",
+ "qos_core",
+ "qos_crypto",
+ "qos_host",
+ "qos_hex",
+ "qos_net",
+ "qos_test_primitives",
+ "qos_p256",
+ "qos_nsm",
+]
+
 exclude = [
 "init",
 "qos_aws",
 "qos_system",
 "qos_enclave",
- "qos_p256/fuzz",
- "qos_crypto/fuzz",
- "qos_nsm/fuzz",
 ]
 # We need this to avoid issues with the mock feature uinintentionally being
 # enabled just because some tests need it.
@@ -91,3 +105,8 @@ qos_net = { path = "qos_net", default-features = false }
 qos_nsm = { path = "qos_nsm", default-features = false }
 qos_p256 = { path = "qos_p256" }
 qos_test_primitives = { path = "qos_test_primitives" }
+
+# TODO test extensively before enabling by default
+# [profile.release]
+# # enable arithmetic checks at runtime
+# overflow-checks = true
\ No newline at end of file
diff --git a/src/qos_crypto/fuzz/Cargo.toml b/src/qos_crypto/fuzz/Cargo.toml
index 4b09c15c..214f41d8 100644
--- a/src/qos_crypto/fuzz/Cargo.toml
+++ b/src/qos_crypto/fuzz/Cargo.toml
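Review bot: Adding `qos_nsm/fuzz` to `members` in the first src/Cargo.toml hunk puts a crate that depends on `qos_nsm` with `features = ["mock"]` into the same workspace as the production crates, so any build that selects the whole workspace (for example `cargo build --workspace`) would unify features and compile `qos_nsm` with `mock` enabled for every member that links it. `default-members` keeps a plain `cargo build` clean, but nothing here stops a release or CI job from passing `--workspace`; whether one does is not visible in this patch. I would extend the new comment to say so, e.g. `# fuzz crates enable qos_nsm/mock: never build release artifacts with --workspace`, and have CI confirm the release feature set with `cargo tree -e features -i qos_nsm`. The `default-members` list also repeats `members` by hand, so a crate later added to one list and not the other silently drops out of default builds and tests.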
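Review bot: Leaving `overflow-checks = true` commented out in the second src/Cargo.toml hunk means the fuzz builds lose the setting outright, because Cargo reads `[profile.*]` only from the workspace root and the hunks in qos_crypto/fuzz, qos_nsm/fuzz and qos_p256/fuzz delete their own `[profile.release]` sections (qos_p256/fuzz also loses `debug = 1`). Unless the fuzz job re-enables the checks some other way, which the patch does not show, arithmetic overflow in the code under test would wrap silently instead of panicking and the harnesses would stop reporting it. Until the TODO is resolved I would set the flags for fuzz runs only, e.g. `RUSTFLAGS="-C overflow-checks=on -C debuginfo=1"` in the fuzz job (assuming the runner passes RUSTFLAGS through), and record that beside the TODO: `# fuzz builds must pass -C overflow-checks=on until this is enabled`.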
@@ -12,16 +12,7 @@ cargo-fuzz = true
 libfuzzer-sys = "0.4"
 arbitrary = { version = "1", features = ["derive"] }
-[dependencies.qos_crypto]
-path = ".."
-
-# Prevent this from interfering with workspaces
-[workspace]
-members = ["."]
-
-[profile.release]
-# enable arithmetic checks at runtime
-overflow-checks = true
+qos_crypto = { path = ".." }
 [[bin]]
 name = "1_shamir_generate_reconstruct"
diff --git a/src/qos_nsm/fuzz/Cargo.toml b/src/qos_nsm/fuzz/Cargo.toml
index 5b27b0b5..85c3704f 100644
--- a/src/qos_nsm/fuzz/Cargo.toml
+++ b/src/qos_nsm/fuzz/Cargo.toml
@@ -12,19 +12,9 @@ cargo-fuzz = true
 libfuzzer-sys = "0.4"
 qos_hex = { path = "../../qos_hex" }
-
 # we need some of the mock code features
 qos_nsm = { path = "../", features = ["mock"] }
-
-# Prevent this from interfering with workspaces
-[workspace]
-members = ["."]
-
-[profile.release]
-# enable arithmetic checks at runtime
-overflow-checks = true
-
 [[bin]]
 name = "1_attestation_doc_from_der"
 path = "fuzz_targets/1_attestation_doc_from_der.rs"
diff --git a/src/qos_p256/fuzz/Cargo.toml b/src/qos_p256/fuzz/Cargo.toml
index c593ff64..b43bb879 100644
--- a/src/qos_p256/fuzz/Cargo.toml
+++ b/src/qos_p256/fuzz/Cargo.toml
@@ -14,15 +14,6 @@ arbitrary = { version = "1", features = ["derive"] }
 qos_p256 = { path = "../"}
-# Prevent this from interfering with workspaces
-[workspace]
-members = ["."]
-
-[profile.release]
-debug = 1
-# enable integer overflow checks
-overflow-checks = true
-
 [features]
 # feature used by some harnesses to signal a special mode, does nothing on other targets
 fuzzer_corpus_seed1 = []